<?php
/*
	Copyright 2006, 2007, 2008, 2009, 2010 Bastiaan Grutters
    
    This file is part of Ages of Strife website.

    Ages of Strife website is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    Ages of Strife website is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Ages of Strife website.  If not, see <http://www.gnu.org/licenses/>.
 */
session_start();
include( 'dlog.php' );
include( '../configuration/config.php' );
include( 'old_database_connection.php');
include( 'DatabaseAbstractionLayer.php');
include( 'utils.php' );

$dal = new DatabaseAbstractionLayer();
// Set the database abstraction layer to use the same debug setting as used in the config
$dal->setDebug( DEBUG );

$username = formatInput( $_POST[ 'username' ] );
$password = formatInput( $_POST[ 'password' ] );

$language = 'en';
$query5 = "SELECT language, title " .
		"FROM languages " .
		"ORDER BY default_language DESC, title ASC";
$result5 = mysql_query( $query5 ) or die( "Query failed : " . mysql_error() );
$num5 = mysql_numrows( $result5 );
if( isset( $_POST[ 'language' ] ) ) {
	$i = 0;
	while ( $i < $num5 ) {
		if( $_POST[ 'language' ] == mysql_result( $result5, $i, 'language' ) ) {
			$language = mysql_result( $result5, $i, 'language' );
			break;
		}
		$i ++;
	}
}

if ( isset( $username ) && isset( $password ) && ( $password != "" || $username != "" ) ) {
	$query = "SELECT password, username, user_id, admin, banned FROM users WHERE username = '" . formatInput( $username ) . "'";
	$result = mysql_query( $query ) or die( "Query failed : " . mysql_error() );
	$row = mysql_fetch_array($result, MYSQL_ASSOC);
	if( isset( $row[ 'user_id' ] ) ) {
		//$password_check = $row[ 'password' ];
		//$password_check2 = crypt( $password, $row[ 'password' ] );
		// TODO fix check after a reset when passwords are alright again
		if( crypt( $password, $row[ 'password' ] ) == $row[ 'password' ] ) { //$username == $row[ 'username' ] && $password == $row[ 'password' ] ) {
			if( $row[ 'banned' ] == 1 ) {
				$_SESSION[ 'login_status' ] = "Your account has been permanently banned!";	
				$_SESSION['login'] = 0;
				header( "Location: ../index.php?language=$language" );			
			}
			else {
		 	    session_set_cookie_params ( 0 );
		 	    $_SESSION[ 'login' ] = 1;
		 	    $_SESSION[ 'password' ] = $row[ 'password' ];
			    $_SESSION[ 'user_id' ] = $row[ 'user_id' ];
			    if( $row[ 'admin' ] == 1 ) {
				    $_SESSION[ 'admin' ] = 1;
			    }
				
				$query = "SELECT ruler_id, ban_turn FROM ruler WHERE user_id = '" . $_SESSION[ 'user_id' ] . "'";
				$result = mysql_query( $query ) or die( "Query failed : " . mysql_error() );
				$row = mysql_fetch_array($result, MYSQL_ASSOC);
				mysql_free_result($result);
				if( isset( $row[ 'ruler_id' ] ) ) {
					$ban_turn = $row[ 'ban_turn' ];
				    $_SESSION[ 'ruler_id' ] = $row[ 'ruler_id' ];
					$query = "SELECT turn FROM game";
					$result = mysql_query( $query ) or die( "Query failed : " . mysql_error() );
					$row = mysql_fetch_array($result, MYSQL_ASSOC);
					if( $ban_turn != -1 && $ban_turn > $row[ 'turn' ] ) {
						$_SESSION[ 'login_status' ] = "You have been banned until turn: " . number_format( $ban_turn ) . "!";	
						mysql_close( $link );
						$_SESSION['login'] = 0;
						header( "Location: ../index.php" );
					}
					else {
						$query = "UPDATE ruler SET active_turn = " . $row[ 'turn' ] . " WHERE ruler_id = " . $_SESSION[ 'ruler_id' ];
						$result = mysql_query( $query ) or die( "Query failed : " . mysql_error() );
						
						$query = "UPDATE users SET ip = '" . formatInput( $_SERVER[ 'REMOTE_ADDR' ] ) . "' WHERE user_id = " . $_SESSION[ 'user_id' ];
						$result = mysql_query( $query ) or die( "Query failed : " . mysql_error() );
						
						$statement = $dal->prepare( 'INSERT INTO access_history ' .
								'( `user_id`, `ip`, `timestamp` ) ' .
								'VALUES( :user_id, :ip, :timestamp )' );
						$timestamp = time();
						$statement->bindParam( ':user_id', $_SESSION[ 'user_id' ], PDO::PARAM_INT );
						$statement->bindParam( ':ip', $_SERVER[ 'REMOTE_ADDR' ], PDO::PARAM_STR );
						$statement->bindParam( ':timestamp', $timestamp, PDO::PARAM_INT );
						$dal->execute( $statement );
					    
						$query = "SELECT count(*) " .
								"FROM users " .
								"JOIN ruler ON users.user_id = ruler.user_id " .
								"WHERE ip = '" . $_SERVER[ 'REMOTE_ADDR' ] . "' AND banned = 0 AND resigned = 0";
						$result = mysql_query( $query ) or die( "Query failed : " . mysql_error() );
						$row = mysql_fetch_array($result, MYSQL_ASSOC);
						if( $row[ 'count(*)' ] > 1 ) {
							$_SESSION[ 'multiple_ip_usage' ] = true;
						}
						
						mysql_close($link);
						header("Location: ../overview/overview.php");
					}
				}
				else {
					mysql_close( $link );
					header("Location: sign_up.php");
				}
			}
		}
		else {
			$_SESSION[ 'login_status' ] = "Incorrect password!";	
			mysql_close( $link );
			$_SESSION['login'] = 0;
			header( "Location: ../index.php?language=$language" );
		}
	}
	else {
		$_SESSION[ 'login_status' ] = "Unknown username.";	
		header( "Location: ../index.php?language=$language" );
	}
}
else {
	$_SESSION[ 'login_status' ] = "Enter your username and password.";	
	header( "Location: ../index.php?language=$language" );
}
?>
